Increasing the effectiveness of packet marking schemes using wrap-around counting Bloom filter

Latest variants of denial-of-service attack like low-rate denial-of-service attack require very few packets for launching an attack. As a result, reducing the number of packets required for IP traceback has gained considerable importance. In packet marking schemes, routers probabilistically mark the packets. Therefore, a large number of packets is required by the victim to reconstruct the complete attack path. In this paper, we introduce an efficient data structure known as wrap-around counting Bloom filter WCBF to minimize the required number of packets. WCBF maintains a set of cyclic counters to decide which particular mark needs to be sent to the victim for faster IP traceback. We prove the efficacy of our technique by performing detailed theoretical analysis and confirm it using extensive experimental results. In case of probabilistic packet marking, the proposed scheme reduces the number of packets by 5-10 times. Likewise, in case of deterministic packet marking, the number of packets required is reduced by 2-4 times. We also show that WCBF can be incorporated with different variants of probabilistic packet marking and deterministic packet marking to obtain effective results. Finally, we highlight the benefits of WCBF over the other traceback schemes like logging and hybrid traceback. Copyright © 2016 John Wiley & Sons, Ltd.